fickerstealer | 581c3424794fce6092c16e0ba7365537410cc4e10062cd06f9c49b9407be1720 | Triage

Sharing

General

Target

0e01d2215e00c2a03a93b72a13476c588fbd383d4367e3d85265969e65dff388.zip
Size

317KB
Sample

221114-lqkazabf4z
MD5

953df8a6439eada3436695dd0a30affd
SHA1

2d4e1cc56d981ab36abc7faee902c81ba53f57d4
SHA256

581c3424794fce6092c16e0ba7365537410cc4e10062cd06f9c49b9407be1720
SHA512

c854e05376ea6401c9f031deb078c93cd0f8c2fbad9c14549c628997a12d42aebfd817c9dd56764e96487277676d1ef247386a29a8dfa9db62cc2e12f680c6dd
SSDEEP

6144:hJrA0k9QQkJ3YxVHhcZAwL6I02//mF0MFyU8aOUm95bTgxNlXD3:30QQkUVHKSm/uFaU8aOUm95bTijD

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

C2

game2030.site:80

Targets

- Target
  
  0e01d2215e00c2a03a93b72a13476c588fbd383d4367e3d85265969e65dff388.exe
- Size
  
  502KB
- MD5
  
  52241b7a6707a79755e1386a26bce09c
- SHA1
  
  bd2f102d6f10cde689835418f213db6b0713c2cd
- SHA256
  
  0e01d2215e00c2a03a93b72a13476c588fbd383d4367e3d85265969e65dff388
- SHA512
  
  b4f781a8344d9db9ba3ee6d54c9a2c614a3b0699c05f527b1cfd22775613c8f902eb95553b7f3a56b8a1b5b6b7715b0491159d8bcc9dc712129512551d65ea05
- SSDEEP
  
  12288:KvGfd3Y8OD4pvwybEaPx7n14bwZGEX8cMMW0rw3:qW3NX1NFn1ZsEeh3
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer